Chrome Update Fixes 48 Vulnerabilities

Friday, July 22, 2016 @ 11:07 AM gHale


Google released the Chrome 52 web browser this week, which fixes 48 security vulnerabilities.

Of the fixes, there were 11 high risk vulnerabilities, along with six medium severity issues.

RELATED STORIES
Apple Patches Multiple Vulnerabilities
IE PoC Released, Attackers Pounce
Browser Collects Data No Matter What
Updated Tor Browser Releases

The most important of the patched vulnerabilities was a sandbox escape in Pepper Plugin API (PPAPI), the cross-platform API for Native Client-secured web browser plugins. Google classified the vulnerability, discovered by Pinkie Pie who earned $15,000, as high risk.

Another high risk hole was a URL spoofing on iOS. Researcher xisigr of Tencent’s Xuanwu Lab found the vulnerability and picked up a $3,000 bounty.

The remaining nine high severity flaws include a use-after-free in extensions, a heap-buffer-overflow in sfntly, same-origin bypass in Blink, use-after-free in Blink, same-origin bypass in V8, memory corruption in V8, URL spoofing, and use-after-free in libxml.

Fixes for all of the security issues are in the Chrome 52.0.2743.82 release.